Written by Rob Young, Director – 18th October 2017
In summer 2017, the Russian hacking group ‘Fancy Bears’ leaked documents claiming that ex-Premier League players Dirk Kuyt, Carlos Tevez and Gabriel Heinze were cleared to use banned drugs at the 2010 World Cup. The leaked documents also claimed that over 160 players failed drugs tests in 2015. In response to this, and to avoid future interceptions, the FA announced they are focusing heavily on cyber security for the World Cup 2018. All players will be banned from using public Wi-Fi hotspots at any time during the tournament, to reduce the risk of sensitive information being hacked and leaked. (Source: BBC)
Last week it was published that security researcher Mathy Vanhoef of KU Leuven in Belgium discovered that public Wi-Fi hotspots are being used to carry out attacks known as ‘Krack’. The attacks use a vulnerability in WPA2, a form of authentication that the hosts of Wi-Fi hotspots use to encrypt the network. Worryingly, a huge number of Wi-Fi enabled devices and networks use WPA2. It has been reported by Wired that a flaw in WPA2 could be exploited to steal the data of those connected. In response, updates are urgently being rolled out to fix the issue. Microsoft were reported to roll out their patch this week. Below you can see a video example of how the ‘Krack’ attacks are carried out.
Why are Public Wi-Fi hotspots always a threat?
Unfortunately, ‘Krack’ attacks aren’t the only form of cyber attack that can be carried out on users of public Wi-Fi hotspots, and in this blog we’re going to explore the methods that cyber criminals regularly use to carry out extremely harmful attacks. The updates to WPA2 aren’t going to stop cyber criminals infiltrating unsecure Wi-Fi hotspots using different methods. Below we explore the three most prevalent methods.
What are the risks of employees using Public Hotspots?
Public Wi-Fi hotspots pose a huge risk to all users, especially business users. In the past 5 years there has been a significant rise in the number of employees working outside of the office and using public Wi-Fi hotspots in places such as coffee shops, airports and hotels whilst on the go. Although there are numerous business benefits of employees working remotely, it’s imperative that the correct security measures are in place to protect your business’s data. In this blog, we’re going to explore how cyber criminals carry out attacks on public Wi-Fi networks and what you can do to minimise the risk of being affected.
What are Rogue Hotspots?
Rogue hotspots are set up by cyber criminals to clone a legitimate public Wi-Fi hotspot – they will be almost identical with only a slight difference. The hackers wait for people to connect and, once they are connected, browse the user’s device. They try to target users who are in communication with the business they work for, to acquire personal information such as emails and passwords that will enable them to attack the business.
2017 has seen a significant rise in cyber attacks and it’s clear that cyber criminals are now working harder than ever to find new ways of carrying out these harmful attacks. WannaCry, Petya and Locky ransomware caused mass disruption to businesses globally, and those affected saw a huge loss in money and data earlier this year. With the sudden growth in public Wi-Fi hotspots over the past few years, cyber criminals are using these as another opportunity to carry out attacks. Cyber criminals can use unsecure public Wi-Fi networks to inject malware into the devices connected to them. The hackers use the malware to gain access to a user’s entire device, including email, files, passwords and photos. Many people who use public Wi-Fi hotspots use the same device they use for work – meaning they will have lots of business-related private information on their device. Hackers can intercept that information and then target that business.
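The "almost identical with only a slight difference" pattern of a rogue hotspot can be checked for from the defender's side. The sketch below is an added example, not part of the original post: it compares Wi-Fi scan results against an allowlist of known hotspots and flags clones and lookalike names. The network names, MAC addresses, allowlist and similarity threshold are all constructed for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed allowlist: SSID -> known access-point MACs (BSSIDs) and expected security.
TRUSTED = {
    "CoffeeHouse_Guest": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                          "security": "WPA2"},
}

# Constructed scan results, in the shape a Wi-Fi survey tool might report them.
SCAN = [
    {"ssid": "CoffeeHouse_Guest", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CoffeeHouse_Guest", "bssid": "de:ad:be:ef:00:99", "security": "OPEN"},
    {"ssid": "CoffeeHouse-Guest", "bssid": "de:ad:be:ef:00:9a", "security": "OPEN"},
    {"ssid": "C0ffeeHouse_Guest ", "bssid": "de:ad:be:ef:00:9b", "security": "WPA2"},
    {"ssid": "Airport_Free_WiFi", "bssid": "11:22:33:44:55:66", "security": "OPEN"},
]

def normalise(ssid):
    """Fold case, compatibility forms, separators and common digit-for-letter swaps."""
    s = unicodedata.normalize("NFKC", ssid).casefold().strip()
    s = s.translate(str.maketrans("0135", "oles"))
    return "".join(ch for ch in s if ch.isalnum())

def classify(net, trusted=TRUSTED, threshold=0.85):
    """Return 'trusted', 'unrelated', or the reason a network looks suspicious."""
    ssid = net["ssid"]
    if ssid in trusted:
        entry = trusted[ssid]
        if net["bssid"].lower() not in entry["bssids"]:
            return "same name, unknown access point"
        if net["security"] != entry["security"]:
            return "same name, unexpected security"
        return "trusted"
    for known in trusted:
        ratio = SequenceMatcher(None, normalise(ssid), normalise(known)).ratio()
        if ratio >= threshold:
            return f"lookalike of {known!r}"
    return "unrelated"

def audit(scan=SCAN):
    """Classify every network in a scan; returns (ssid, bssid, verdict) tuples."""
    return [(n["ssid"], n["bssid"], classify(n)) for n in scan]

if __name__ == "__main__":
    for row in audit():
        print(row)
```

A "trusted" verdict only means the name, MAC address and security type match the allowlist; a MAC address can be copied, so this check complements a VPN and HTTPS rather than replacing them.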
What is a Man-in-the-Middle Attack?
A Man-in-the-Middle attack is carried out by cyber criminals exploiting a security flaw in the unencrypted public Wi-Fi router to scan the data passing between the router and connected devices. The attacker will target a user of the public Wi-Fi hotspot who is in communication with someone outside of the public Wi-Fi hotspot, e.g. a colleague in the office. They can then intercept communication between those two people and any personal data being sent. This form of attack can often go undetected. Man-in-the-Middle attacks can occur on any type of device, including mobiles and tablets.
How can you protect your business when using Public Wi-Fi?
- Use VPNs (Virtual Private Networks) – VPNs encrypt your internet connection to keep you secure and protect your privacy. Make sure all employees working remotely are set up with a VPN and use it when out of the office.
- Use HTTPS when visiting websites – HTTP isn’t encrypted, so you’re vulnerable when visiting HTTP sites. HTTPS websites are encrypted, making them secure. Below is an example of a secure website on both a computer and mobile.
- Use endpoint protection – Ensure you have industry standard security protection on your device. Intercept X by Sophos is a great way to protect your device from malware that could be transmitted via a public Wi-Fi hotspot.
- Microsoft Enterprise Mobility Suite + Security – Intune, an application within Microsoft Enterprise Mobility Suite, enables you to turn off automatic connections to public Wi-Fi hotspots. This ensures employees only connect to selected hotspots and prevents employees accessing unencrypted networks on their business devices.
- Secure your login credentials – Use two-factor authentication for all login credentials on accounts.
Infinity Group are IT Security Specialists. If you would like to discuss any concerns you have regarding your business’ IT Security setup then please get in touch with one of our IT security consultants who will be happy to help you.
If you’re interested in learning about other forms of cyber-attacks, please read ‘Doppelganger domains – how businesses are targeted’ and ‘Supply chain cyber-attacks – what businesses need to know’.